Aviva 2007 Annual Report Download - page 89
Control environment
The Group has an established governance framework, the key features of which include:
– Terms of reference for the Board and each of its committees;
– A clear organisational structure, with documented delegation of authority from the Board to executive management;
– A Group policy framework, which sets out risk management and control standards for the Group’s operations worldwide;
– Defined procedures for the approval of major transactions and capital allocation; and
– Committees of senior executives responsible for reviewing the Group’s financial risks (Asset and Liability Management Committee) and non-financial, i.e. operational, risks (Group Operational Risk Committee).
The Group’s risk and governance framework has been
structured in accordance with the Financial Services
Authority’s risk-based framework for integrating
and embedding risk and capital management
(Prudential Sourcebook).
Risk identification, assessment and management
There is in place an ongoing process for identifying,
evaluating and managing the significant risks faced by
the Group which has operated throughout 2007 and
up to the date of signing this report. The Group’s risk
management and control framework is designed to
support the identification, assessment, monitoring,
management and control of risks that are significant to the
achievement of the Group’s business objectives. The Group
has a set of formal policies which govern the management
and control of both financial and non-financial risks.
The adoption of these policies throughout the Group
enables a broadly consistent approach to the management
of risk at business unit level. At Group level, policy owners
are responsible for the Group-wide aggregation and
oversight of their specific risks. During 2007 the Group
policy set has been revised and refreshed and the risk
management framework has been reviewed and a
Group Chief Risk Officer appointed.
The Asset and Liability Management Committee is
responsible for reviewing and monitoring the financial
risks to the Group and, with the assistance of its
sub-committees, considers the risks relating to life
assurance, general insurance, reserving, capital
management, credit and investment. Similarly, a Group
Operational Risk Committee monitors risks associated
with information technology, business protection,
human resource management, business standards
and regulatory compliance.
Management monitors the completeness of the Group’s
risk profile on a regular basis through a Group risk
monitoring framework. Each quarter, businesses report
residual risk profiles and the adequacy of the mitigating
action programmes, based on local materiality levels.
These impact assessments are based on financial,
reputational and operational criteria. This enables the
Group risk function to assess the overall risk exposure
and to develop a Group-wide risk profile that is refreshed
quarterly. Material items in the Group risk report are
reported to the committee of the Group’s senior
executives (Executive Committee), the Risk and Regulatory
Committee and, in respect of social, environmental and
ethical risks, the Board’s Corporate Social Responsibility
Committee. The Executive Committee considers whether
the residual risks are within the Group’s risk appetite,
and the adequacy of the mitigating actions.
The Boards, audit committees and management of the
operational businesses also consider local risk reports in
a similar way. Regular reports are supported by escalation
procedures for new or deteriorating risks that are classified
at the highest impact levels. In addition, business unit
heads and Group functional heads provide, in relation
to their own areas of responsibility, a certificate every
six months to confirm compliance with the Group’s
governance and risk management framework, and the
terms of their delegated authority. Any risk or control
issues not already reported through the regular risk
management processes must be specifically highlighted.
Control procedures and monitoring systems
The Group has a well-developed system of planning,
incorporating Board approval of a rolling three-year
Group plan. Performance against the plan is subsequently
monitored and reported to the Board each time it meets.
This report also includes updates on relevant measures
of solvency and liquidity. Performance is reported through
the half-yearly publication of the Company’s results
based on accounting policies that are applied consistently
throughout the Group. Operational management reports
quarterly to the Executive Committee on a wide range
of key performance and other significant matters
and the Board receives regular representations from
the senior executives responsible for each principal
business operation.
Whilst the Audit Committee has the overall responsibility
of monitoring the Group’s internal control process
on behalf of the Board, it is assisted by the Risk and
Regulatory Committee, which oversees the regulatory
compliance and non-financial control processes and
reports to the Board. In addition, the Audit Committee
performs an annual review of the effectiveness of the
internal audit function and the framework for the Group’s
systems of internal control. Throughout 2007, the Audit
Committee and the Risk and Regulatory Committee
received quarterly reports from the Group Audit Director
on issues arising, and updates on previously reported
items. More detailed reports on the work of these
committees during 2007 are set out overleaf.
Aviva plc Annual Report and Accounts 2007, Governance, page 85